Go to the documentation of this file.
32 #define TRACE_LEVEL TLS_TRACE_LEVEL
42 #if (TLS_SUPPORT == ENABLED)
98 #if (TLS_MAX_VERSION >= TLS_VERSION_1_0 && TLS_MIN_VERSION <= TLS_VERSION_1_1)
112 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
122 if(signAlgoList != NULL)
125 if(context->numSupportedSignAlgos > 0)
129 for(i = 0; i < context->numSupportedSignAlgos; i++)
132 signScheme = context->supportedSignAlgos[i];
154 n =
ntohs(signAlgoList->length) /
sizeof(uint16_t);
157 for(i = 0; i <
n; i++)
160 signScheme =
ntohs(signAlgoList->value[i]);
254 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
273 extension->length =
htons(
n);
309 uint8_t *
p,
size_t *written)
313 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
348 n *=
sizeof(uint16_t);
350 signAlgoList->length =
htons(
n);
355 extension->length =
htons(
n);
381 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
384 uint_t numSupportedSignAlgos;
385 const uint16_t *supportedSignAlgos;
393 if(context->numSupportedSignAlgos > 0)
396 supportedSignAlgos = context->supportedSignAlgos;
397 numSupportedSignAlgos = context->numSupportedSignAlgos;
411 for(i = 0; i < numSupportedSignAlgos; i++)
417 signAlgoList->value[
n++] =
htons(supportedSignAlgos[i]);
422 n *=
sizeof(uint16_t);
424 signAlgoList->length =
htons(
n);
458 if(signSchemeList != NULL)
461 n =
ntohs(signSchemeList->length) /
sizeof(uint16_t);
465 for(i = 0; i <
n && !found; i++)
468 if(
ntohs(signSchemeList->value[i]) == signScheme)
498 #if (TLS_RSA_SIGN_SUPPORT == ENABLED)
530 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED)
548 #if (TLS_DSA_SIGN_SUPPORT == ENABLED)
564 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED)
617 #if (TLS_SM2_SIGN_SUPPORT == ENABLED)
633 #if (TLS_ED25519_SIGN_SUPPORT == ENABLED)
649 #if (TLS_ED448_SIGN_SUPPORT == ENABLED)
665 #if (TLS_MLDSA44_SIGN_SUPPORT == ENABLED)
681 #if (TLS_MLDSA65_SIGN_SUPPORT == ENABLED)
697 #if (TLS_MLDSA87_SIGN_SUPPORT == ENABLED)
733 #if (TLS_MAX_VERSION >= TLS_VERSION_1_2 && TLS_MIN_VERSION <= TLS_VERSION_1_3)
754 cipherSuiteTypes = context->cipherSuiteTypes;
759 cipherSuiteTypes = context->cipherSuiteTypes;
762 #if (TLS_RSA_SIGN_SUPPORT == ENABLED)
788 #if (TLS_DSA_SIGN_SUPPORT == ENABLED)
811 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED)
836 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA256_SUPPORT == ENABLED)
849 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA384_SUPPORT == ENABLED)
862 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA512_SUPPORT == ENABLED)
875 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA256_SUPPORT == ENABLED)
892 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA384_SUPPORT == ENABLED)
909 #if (TLS_RSA_PSS_SIGN_SUPPORT == ENABLED && TLS_SHA512_SUPPORT == ENABLED)
926 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED && TLS_SHA256_SUPPORT == ENABLED && \
927 TLS_BRAINPOOLP256R1_SUPPORT == ENABLED)
939 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED && TLS_SHA384_SUPPORT == ENABLED && \
940 TLS_BRAINPOOLP384R1_SUPPORT == ENABLED)
952 #if (TLS_ECDSA_SIGN_SUPPORT == ENABLED && TLS_SHA512_SUPPORT == ENABLED && \
953 TLS_BRAINPOOLP512R1_SUPPORT == ENABLED)
965 #if (TLS_SM2_SIGN_SUPPORT == ENABLED)
977 #if (TLS_ED25519_SIGN_SUPPORT == ENABLED)
990 #if (TLS_ED448_SIGN_SUPPORT == ENABLED)
1003 #if (TLS_MLDSA44_SIGN_SUPPORT == ENABLED)
1015 #if (TLS_MLDSA65_SIGN_SUPPORT == ENABLED)
1027 #if (TLS_MLDSA87_SIGN_SUPPORT == ENABLED)
1054 if(hashAlgo != NULL)
1062 hashAlgo != context->cipherSuite.prfHashAlgo)
1075 if(context->numSupportedSignAlgos > 0)
1078 for(i = 0; i < context->numSupportedSignAlgos; i++)
1081 if(context->supportedSignAlgos[i] == signScheme)
1086 if(i >= context->numSupportedSignAlgos)
1258 #if (EC_SUPPORT == ENABLED)
bool_t x509IsCurveSupported(const uint8_t *oid, size_t length)
Check whether a given elliptic curve is supported.
@ TLS_CIPHER_SUITE_TYPE_RSA
@ TLS_SIGN_SCHEME_ECDSA_BP256R1_TLS13_SHA256
bool_t x509IsSignAlgoSupported(X509SignatureAlgo signAlgo)
Check whether a given signature algorithm is supported.
const HashAlgo * tlsGetHashAlgo(TlsHashAlgo hashAlgoId)
Get the hash algorithm that matches the specified identifier.
bool_t x509IsHashAlgoSupported(X509HashAlgo hashAlgo)
Check whether a given hash algorithm is supported.
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA256
bool_t tlsIsCertSignAlgoSupported(uint16_t signScheme)
Check whether a signature algorithm can be used for X.509 certificate validation.
@ TLS_SIGN_SCHEME_MLDSA44
@ TLS_STATE_CERTIFICATE_REQUEST
TlsCertificateType type
End entity certificate type.
const uint8_t BRAINPOOLP512R1_OID[9]
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA512
error_t tlsFormatSignAlgosExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SignatureAlgorithms extension.
bool_t tlsIsSignAlgoAcceptable(TlsContext *context, uint16_t signScheme, const TlsCertDesc *cert)
Check whether a signature algorithm is compatible with the specified end-entity certificate.
TlsHashAlgo
Hash algorithms.
const uint8_t BRAINPOOLP384R1_OID[9]
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA512
@ TLS_SIGN_SCHEME_ED25519
@ TLS_GROUP_BRAINPOOLP256R1
#define TLS_HASH_ALGO(signScheme)
@ TLS_CIPHER_SUITE_TYPE_TLS13
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA384
@ TLS_SIGN_SCHEME_RSA_PSS_RSAE_SHA384
@ TLS_SIGN_SCHEME_MLDSA65
@ TLS_CIPHER_SUITE_TYPE_SM
error_t tlsFormatSupportedSignAlgos(TlsContext *context, uint8_t *p, size_t *written)
Format the list of supported signature algorithms.
@ TLS_EXT_SIGNATURE_ALGORITHMS_CERT
@ TLS_SIGN_SCHEME_MLDSA87
@ TLS_CIPHER_SUITE_TYPE_ECDSA
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA1
bool_t tlsIsSignAlgoSupported(TlsContext *context, uint16_t signScheme)
Check whether a signature algorithm can be used for digital signatures.
const uint16_t tlsSupportedSignAlgos[]
@ TLS_SIGN_SCHEME_RSA_PSS_PSS_SHA256
@ TLS_SIGN_SCHEME_ECDSA_SECP521R1_SHA512
@ TLS_HASH_ALGO_INTRINSIC
error_t tlsSelectSignAlgo(TlsContext *context, const TlsCertDesc *cert, const TlsSignSchemeList *signAlgoList)
Select the algorithm to be used when generating digital signatures.
@ TLS_SIGN_SCHEME_ECDSA_SHA1
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA256
@ TLS_STATE_CLIENT_CERTIFICATE_VERIFY
@ TLS_SIGN_SCHEME_ECDSA_BP512R1_TLS13_SHA512
@ TLS_GROUP_BRAINPOOLP512R1
bool_t tlsIsSignAlgoOffered(uint16_t signScheme, const TlsSignSchemeList *signSchemeList)
Check whether a signature algorithm is offered in the SignatureAlgorithms extension.
@ TLS_SIGN_SCHEME_SM2SIG_SM3
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA512
@ TLS_SIGN_SCHEME_ECDSA_BP384R1_TLS13_SHA384
@ TLS_SIGN_SCHEME_RSA_PKCS1_SHA384
@ TLS_SIGN_SCHEME_ECDSA_SECP384R1_SHA384
Helper functions for signature generation and verification.
TLS (Transport Layer Security)
@ TLS_EXT_SIGNATURE_ALGORITHMS
Common interface for hash algorithms.
#define TLS_SIGN_ALGO(signScheme)
@ TLS_SIGN_SCHEME_ECDSA_SECP256R1_SHA256
error_t tlsFormatSignAlgosCertExtension(TlsContext *context, uint8_t *p, size_t *written)
Format SignatureAlgorithmsCert extension.
TlsSignatureScheme
Signature schemes.
@ TLS_CIPHER_SUITE_TYPE_DSA
#define TLS_SIGN_SCHEME(signAlgo, hashAlgo)
TlsNamedGroup namedCurve
Named curve used to generate the EC public key.
@ TLS_GROUP_BRAINPOOLP384R1
const uint8_t BRAINPOOLP256R1_OID[9]